When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.
This is all preamble to say that I have decided not to duplicate the Canon content on both the Palo Alto Networks' Canon Page and the Terebrate site. I will still post the individual book reviews, but if you want to follow along with what is happening with the Canon Project, please read the Canon page.
Of your list, I've read two...the book about Anonymous and Cyber War. I agree both should be on a list like this. I'm going to look into reading your other suggestions.
That is fantastic. Let me know if you think of any other that should be on the list.
Ghost in the Wire - Mitnick, Digital Fortress - Dan Brown
I have read both of these but when I ran them through my criteria, they did not hold up. They just are not written that well. They are great stories, don't get me wrong, but they were written by amateur writers. Brown got better (obviously), but Digital Fortress was one of his early efforts.
Try Jurassic Park - it contains numerous issues relating to information security failures and vulnerabilities.
Totally agree. Especially with mgmt (Hammond) not valuing the talent (specifically Nedry).
I don't know if 20 is enough. I've read 5 of these. I HAVE to read the others now. I too would suggest Digital Fortress by Dan Brown.
I agree that 20 is not enough. 20 is just the number I could get through in a year :)
Here are the books I would add:
Against the Gods by Peter Bernstein
Social Engineering by Christopher Hadnagy
The Art of Intrusion by Kevin Mitnick
Beyond Fear by Bruce Schneier
The Failure of Risk Management by Douglas Hubbard
How to Measure Anything by Douglas Hubbard
Thinking Fast and Slow by Daniel Kahneman
Security Engineering by Ross Anderson
I added the following to my reading queue:
Against the Gods by Peter Bernstein
Thinking Fast and Slow by Daniel Kahneman
I already had these in my reading queue:
Social Engineering by Christopher Hadnagy
The Failure of Risk Management by Douglas Hubbard
How to Measure Anything by Douglas Hubbard
I have read these and do not think they meet the criteria:
The Art of Intrusion by Kevin Mitnick; Both of his books are not written very well.
Beyond Fear by Bruce Schneier; I think Secrets and Lies (his first) should go here instead. Beyond Fear is just a rehash of Secrets and Lies told at the next level.
Security Engineering by Ross Anderson
Heidi, Geek Girl Detective!
That is a great suggestion. I just added it to my reading queue.
Do you have a review of The Girl with the Dragon Tattoo? (The photo link goes to your main page, and I wasn't able to find one within your site on my own.) I appreciate this interesting undertaking and your extensive reviews. I will be checking out the books I have not read.
Ah - you caught me. I did not have my review of The Girl with the Dragon Tattoo ready before I presented this idea at RSA last week. I have it about done and expect to publish it in a week or so. Stand by ....
Here it is finally:
http://terebrate.blogspot.com/2014/03/book-review-girl-with-dragon-tattoo.html
YOU READ MY MIND! THANK YOU!!!
I was just asking a cyber security researcher (who everyone knows and reads every day and is considered top in his field) about a reading list he might recommend for me as I reinvent myself on a career path in cyber security. Instead, he pointed me to his "blogroll". Bottom line - he couldn't give me a list of literature that would spark my interest, add to my passion, and develop me into a true innovator and practitioner of cybersecurity.
I've read some of these books on your list, but there are many more that I haven't. Thank you for providing this.
Regards,
Steve
As an avid Neal Stephenson fan, I've read all his books on your list and wholeheartedly concur with their inclusion. If I may, I'd like to also suggest that those of us with cyber interests need to agree on a set of terminology - a common lexicon - of cyber technologies and practices. And as an extension of your efforts to build a Cyber Security Canon you might consider an associated Cyber Security Dictionary.
What a great idea. I think I have seen this online before though. Do you have an example where a word or phrase in our community has ambiguous meaning?
Enigma (Robert Harris), The Code Breakers (David Kahn), Network and Internetwork Security: Principles and Practice (Stallings), Security Engineering (Ross Anderson)...
I just put Enigma and Security Essentials into my reading queue.
I had Code Breakers and Security Engineering in there already.
Thanks for the feedback.
This is a great idea, and needs to be better publicized. There are many well-written books out there relevant to our field. I tend to lean towards the human aspect of cyber security and would propose David Lacey's 'Managing the Human Factor in Information Security: How to win over staff and influence Business Managers' (Wiley, 2009). It may not reach the level for canon, but I think it provides a welcome balance.
Great list of books here. I would recommend you take a look at Cory Doctorow's "Little Brother" and "Homeland" as potential additions.
I have read Little Brother and loved it; kind of scary; but loved it especially in our post-"Snowden" lives.
Hi Rick,
Thanks for a great post! I took a few of your recommended books on holiday. I'd agree about adding Secrets and Lies by Bruce Schneier. I would also recommend John Naughton's From Gutenberg to Zuckerberg and Simon Singh's The Code Book.
Gail,
Thanks for the suggestions. I have The Code Book in my reading queue already but I will add Naughton's book to the list.
River of Gods and Dervish House by Ian McDonald are good techno novels for your list
I am putting these on my list.
And I forgot Homeland, Cory Doctorow's sequel to Little Brother
This one too ....
Have you tried
A Bug Hunter's Diary
Gray Hat Python
I will put them into my reading queue.
I spoke too soon. It was already on my list. :)
Lethal Code by Thomas Waite, while a fictional "worst case" scenario, is a good cautionary tale. It isn't deep technology, but rather an entertaining and frightening thriller that serves as a wake-up call for average Americans.
I put it on my list.
--Rick
Rick Howard, I am fond of reading novels and I have read almost all books. You have described the list very beautifully. You know most of these books would be in top 10 novels list for everyone.
Lisa - Thanks for those kind words and thanks for sharing the Ranker Site.
This is really tremendous that the way you describe. This information is so much more than I needed! Keep it up.
tech policy government